{"id":362,"date":"2019-01-18T07:35:57","date_gmt":"2019-01-18T13:35:57","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=362"},"modified":"2019-01-18T13:45:37","modified_gmt":"2019-01-18T19:45:37","slug":"comptia-cysa-objective-3-2","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/01\/18\/comptia-cysa-objective-3-2\/","title":{"rendered":"CompTIA CySA+ Objective 3.2"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation. <\/p><cite> CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0 <\/cite><\/blockquote>\n\n\n\n<p>Being prepared before an event is a crucial part of being a security analyst. Developing a forensics toolkit is key to this preparedness.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Digital Forensics Workstation<\/h3>\n\n\n\n<p>The workstation for an investigation should be dedicated and set up in advance. 
It should have the ability to do all of the tasks outlined in SANS&#8217; document <a href=\"https:\/\/www.sans.org\/reading-room\/whitepapers\/incident\/building-cost-forensics-workstation-895\">&#8220;Building a Low Cost Forensics Workstation&#8221;.<\/a> Some of the requirements are below:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Must have network connectivity.<\/li><li>Must support hardware-based drive duplication.<\/li><li>Must support remote and network drive duplication.<\/li><li>Must support duplication and analysis of common file systems.<\/li><li>Must be able to validate image and file integrity.<\/li><li>Must be able to identify dates and times files were modified, accessed and created.<\/li><li>Must be able to create file system activity timelines.<\/li><li>Must be able to identify deleted files.<\/li><li>Must be able to analyze drive space, both allocated and unallocated.<\/li><li>Must allow direct association of disk images and evidence with a case.<\/li><li>Must allow the investigator to associate notes with cases and evidence.<\/li><li>Must support removable media for storage.<\/li><li>Evidence must be admissible in a court of law.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Other Required Tools<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Write Blockers:<\/strong> A tool that does not allow a protected drive to be changed. It must not prevent obtaining information from or about the drive. 
The tool won&#8217;t protect other drives.<\/li><li><strong>Cables:<\/strong> A variety of cables for connecting to storage should be in the kit, including USB, SATA, and FireWire, along with power cables for drives.<\/li><li><strong>Drive Adapters:<\/strong> Adapters to support microSATA, SATA blade type SSD, SATA LIF and IDE.<\/li><li><strong>Wiped Removable Media:<\/strong> Media of various types ready to be used and any adapters to use them.<\/li><li><strong>Cameras: <\/strong>Most commonly a Digital SLR camera with at least 12-megapixel capability is used for evidence collection.<\/li><li><strong>Crime Tape: <\/strong>You must protect the physical scene and keep it from being contaminated.<\/li><li><strong>Tamper-Proof Seals: <\/strong> You must be able to securely store evidence with tamper-proof seals to maintain the chain of custody.<\/li><li><strong>Documentation and Forms:<\/strong> Forms should be pre-printed for ease of use during the investigation. Many can be found at the <a href=\"https:\/\/www.ncjrs.gov\/pdffiles1\/nij\/199408.pdf\">US Department of Justice<\/a>. <ul><li><strong>Chain of Custody Form:<\/strong> Keeps a list of who has handled the evidence, when they handled it, and in which order.<\/li><li><strong>Incident Response Plan: <\/strong>Details the processes and steps for responding to an incident.<ul><li><strong><em>Step 1 &#8211; Detect: <\/em><\/strong>Detect the security incident.<\/li><li><strong><em>Step 2 &#8211; Respond:<\/em><\/strong> Respond appropriately based on the type of incident. 
Responses and response times should be established ahead of time.<\/li><li><strong><em>Step 3 &#8211; Report:<\/em><\/strong> Report the incident based on the seriousness of the incident and previously defined procedures.<\/li><li><strong><em>Step 4 &#8211; Recover: <\/em><\/strong>Bring resources back to full capabilities while maintaining evidence.<\/li><li><strong><em>Step 5 &#8211; Remediate: <\/em><\/strong>Patch any vulnerabilities exploited and fix any other weaknesses found.<\/li><li><strong><em>Step 6 &#8211; Review:<\/em><\/strong> Review the lessons that can be learned from the incident and the response.<\/li><\/ul><\/li><li><strong>Incident Form: <\/strong>Used to fully describe the incident in detail. Example templates can be downloaded from <a href=\"https:\/\/www.sans.org\/score\/incident-forms\">SANS<\/a>.<\/li><li><strong>Call List or Escalation List:<\/strong> Contact information for those who may need to be alerted during an investigation and when they should be alerted.<\/li><\/ul><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Forensic Investigation Suite<\/h3>\n\n\n\n<p>It is important to be familiar with tools that are commonly used in a digital investigation.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Imaging Utilities:<\/strong> Digital copies of storage must be made for backup and analysis. Two copies should be made, one for evidence and one for analysis. The Linux tool dd is one example of a bit-by-bit imaging tool.<\/li><li><strong>Analysis Utilities: <\/strong>Tools needed to analyze the copy of data created by the Imaging Utilities. An example of an open source tool is <a href=\"https:\/\/www.sleuthkit.org\/autopsy\/\">Autopsy.<\/a><\/li><li><strong>Chain of Custody:<\/strong> Hard copies must be maintained, but tools can be used to automate the chain of custody.<\/li><li><strong>Hashing Utilities:<\/strong> Tools to verify information using either MD5 or SHA hashes. 
There are many open source tools to compute these hashes.<\/li><li><strong>OS and Process Analysis:<\/strong> Tools to analyze OS processes.<\/li><li><strong>Mobile Device Forensics:<\/strong> Tools to acquire information from mobile devices (tablets and phones).<\/li><li><strong>Password Crackers:<\/strong> Tools that crack password hashes, such as JackTheRipper, may be needed to analyze data.<\/li><li><strong>Cryptography Tools:<\/strong> Can attempt to decrypt data encrypted by common tools like BitLocker.<\/li><li><strong>Log Viewers: <\/strong> Tools for reading system logs easily.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation. CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives Version 3.0 Being prepared before an event is a crucial part of being a security analyst. Developing a forensics toolkit is key in this preparedness. Digital Forensics Workstation The workstation for an investigation should [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":364,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"CompTIA CySA+ Objective 3.2 Study Notes #comptia #cysa+ 
#ciscochampion","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[88,31,95],"tags":[90,91],"class_list":["post-362","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-certification","category-cysa","tag-certification","tag-cysa"],"yoast_head_json":{"title":"CompTIA CySA+ Objective 3.2 -","canonical":"https:\/\/packitforwarding.com\/index.php\/2019\/01\/18\/comptia-cysa-objective-3-2\/","article_published_time":"2019-01-18T13:35:57+00:00","article_modified_time":"2019-01-18T19:45:37+00:00","author":"Ben Story","twitter_misc":{"Written by":"Ben Story","Est. reading time":"4 minutes"}}}